 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2022.5448.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5448-1) |
| Summary: | The remote host is missing an update for the 'ncurses' package(s) announced via the USN-5448-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'ncurses' package(s) announced via the USN-5448-1 advisory. Vulnerability Insight: It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. (CVE-2017-10684) It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code. (CVE-2017-10685) It was discovered that ncurses was incorrectly performing memory management operations and was not blocking access attempts to illegal memory locations. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734) It was discovered that ncurses was not properly performing checks on pointer values before attempting to access the related memory locations, which could lead to NULL pointer dereferencing. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11113) It was discovered that ncurses was incorrectly handling loops in libtic, which could lead to the execution of an infinite loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13728) Affected Software/OS: 'ncurses' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-10684 https://security.gentoo.org/glsa/201804-13 https://bugzilla.redhat.com/show_bug.cgi?id=1464687 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2017-10685 https://bugzilla.redhat.com/show_bug.cgi?id=1464692 Common Vulnerability Exposure (CVE) ID: CVE-2017-11112 https://bugzilla.redhat.com/show_bug.cgi?id=1464686 Common Vulnerability Exposure (CVE) ID: CVE-2017-11113 https://bugzilla.redhat.com/show_bug.cgi?id=1464691 Common Vulnerability Exposure (CVE) ID: CVE-2017-13728 https://bugzilla.redhat.com/show_bug.cgi?id=1484274 Common Vulnerability Exposure (CVE) ID: CVE-2017-13729 https://bugzilla.redhat.com/show_bug.cgi?id=1484276 Common Vulnerability Exposure (CVE) ID: CVE-2017-13730 https://bugzilla.redhat.com/show_bug.cgi?id=1484284 Common Vulnerability Exposure (CVE) ID: CVE-2017-13731 https://bugzilla.redhat.com/show_bug.cgi?id=1484285 Common Vulnerability Exposure (CVE) ID: CVE-2017-13732 https://bugzilla.redhat.com/show_bug.cgi?id=1484287 Common Vulnerability Exposure (CVE) ID: CVE-2017-13733 https://bugzilla.redhat.com/show_bug.cgi?id=1484290 Common Vulnerability Exposure (CVE) ID: CVE-2017-13734 https://bugzilla.redhat.com/show_bug.cgi?id=1484291 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |